Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

197 advisories

Loading
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1... Critical Unreviewed
CVE-2024-8888 was published Sep 18, 2024
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which... Moderate Unreviewed
CVE-2024-38315 was published Sep 16, 2024
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2).... Moderate Unreviewed
CVE-2024-32006 was published Sep 10, 2024
The Central Manager user session refresh token does not expire when a user logs out.  Note:... High Unreviewed
CVE-2024-39809 was published Aug 14, 2024
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and... Low Unreviewed
CVE-2022-45862 was published Aug 13, 2024
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10... Moderate Unreviewed
CVE-2022-38382 was published Aug 13, 2024
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could... Moderate Unreviewed
CVE-2023-26288 was published Jul 30, 2024
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses... Moderate Unreviewed
CVE-2022-32759 was published Jul 25, 2024
On versions before 2.1.4, session is not invalidated after logout. When the user logged in... Critical Unreviewed
CVE-2024-29070 was published Jul 23, 2024
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or... High Unreviewed
CVE-2024-41827 was published Jul 22, 2024
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0... High Unreviewed
CVE-2024-27782 was published Jul 9, 2024
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1... High Unreviewed
CVE-2024-36041 was published Jul 5, 2024
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The... High Unreviewed
CVE-2024-5995 was published Jun 14, 2024
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in... Moderate Unreviewed
CVE-2024-36523 was published Jun 12, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... High Unreviewed
CVE-2024-35206 was published Jun 11, 2024
SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an... Critical Unreviewed
CVE-2024-35049 was published May 14, 2024
An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID... High Unreviewed
CVE-2024-35050 was published May 14, 2024
An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user... Moderate Unreviewed
CVE-2024-35048 was published May 14, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2023-40695 was published May 3, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3... Moderate Unreviewed
CVE-2024-22358 was published Apr 12, 2024
Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session... Moderate Unreviewed
CVE-2024-25954 was published Mar 28, 2024
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the... Critical Unreviewed
CVE-2024-29401 was published Mar 26, 2024
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This... High Unreviewed
CVE-2024-1623 was published Mar 14, 2024
A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the... Moderate Unreviewed
CVE-2023-45600 was published Mar 5, 2024
The MFA management features did not properly terminate existing user sessions when a user's MFA... Unknown Unreviewed
CVE-2024-21722 was published Feb 29, 2024
ProTip! Advisories are also available from the GraphQL API